CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2021/04/29 5:15 p.m.•15 views

Design/Logic Flaw

2.1CVSS6.3AI score0.00081EPSS

Prion•added 2021/04/29 5:15 p.m.•17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS7.8AI score0.00351EPSS

Prion•added 2021/04/29 5:15 p.m.•17 views

Design/Logic Flaw

2.1CVSS6.3AI score0.0009EPSS

Cvelist•added 2021/04/29 4:31 p.m.•19 views

CVE-2021-31435

7.8CVSS8AI score0.00351EPSS

Cvelist•added 2021/04/29 4:31 p.m.•14 views

CVE-2021-31423

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

6CVSS6.1AI score0.00078EPSS

CVE•added 2021/04/29 4:31 p.m.•47 views

CVE-2021-31423

Parallels Desktop Toolgate Uninitialized Memory Information Disclosure (CVE-2021-31423) affects Parallels Desktop 15.1.5-47309. The flaw is in the Toolgate component and stems from failure to properly initialize memory before access, allowing a local attacker who can execute high-privilege code o...

6CVSS5.8AI score0.00078EPSS

Cvelist•added 2021/04/29 4:31 p.m.•14 views

CVE-2021-31419

6.5CVSS6.5AI score0.0009EPSS

Cvelist•added 2021/04/29 4:31 p.m.•10 views

CVE-2021-31418

6.5CVSS6.5AI score0.0009EPSS

Kaspersky•added 2021/04/26 12:0 a.m.•37 views

KLA12155 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to obtain sensitive information, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in CoreText can be exploited to obta...

6.5CVSS8.9AI score0.00605EPSS

Exploits0References3

Kaspersky•added 2021/04/22 12:0 a.m.•67 views

KLA12156 Multiple vulnerabilities in Apple iTunes

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A cross-site-scripting XSS vulnerability in WebKit can be exploited to perfo...

6.5CVSS8.8AI score0.00605EPSS

Exploits0References3

Zero Day Initiative•added 2021/04/21 12:0 a.m.•41 views

Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...

6.5CVSS3.7AI score0.0009EPSS

CNNVD•added 2021/04/21 12:0 a.m.•2 views

Corel Parallels Desktop 缓冲区错误漏洞

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 15.1.5-47309. The vulnerability stems from failure to properly initialize memory before accessing it. A local attacker could exploit t...

6CVSS5.6AI score0.00078EPSS

Exploits0References5

CNNVD•added 2021/04/21 12:0 a.m.•1 views

Corel Parallels Desktop 缓冲区错误漏洞

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 15.1.4-47270. The vulnerability stems from failure to properly initialize memory before accessing it. A local attacker could exploit t...

6.5CVSS5.6AI score0.0009EPSS

Exploits0References5

OSV•added 2021/04/02 6:15 p.m.•1 views

CVE-2021-1780

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack...

4.4CVSS5.8AI score

CVE•added 2021/04/02 5:58 p.m.•78 views

CVE-2021-1780

CVE-2021-1780 is a memory initialization issue in Bluetooth on Apple devices, addressed in iOS 14.4 and iPadOS 14.4. The vulnerability allows a privileged attacker to cause a denial of service via memory handling weaknesses, as described in the NVD entry and Apple’s HT212146 documentation. The is...

4.9CVSS4.5AI score0.00184EPSS

Exploits0References1Affected Software2

Zero Day Initiative•added 2021/03/17 12:0 a.m.•48 views

Microsoft Office Graph Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Graph COM...

7.8CVSS3.9AI score0.04203EPSS

OSV•added 2021/03/05 11:2 a.m.•3 views

OESA-2021-1078 xorg-x11-server security update

X.Org X11 X server. Security Fixes: A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.8CVSS7.2AI score0.00133EPSS

Exploits0References3

VulnCheck KEV•added 2021/01/21 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-8514

An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

5.5CVSS6.8AI score0.00915EPSS